Product Updates


Snyk Code Improvements: Support for Python FastAPI

Improved

We are pleased to announce that Snyk Code now includes support for the FastAPI framework. This update enhances our ability to identify and analyze FastAPI-specific sources and sinks, improving the detection of security vulnerabilities in applications using this framework.

This new feature is integrated into Snyk Code’s existing scanning processes and is available for use immediately for all Python rules. We recommend conducting a fresh scan to benefit from the updated functionality.

As always, our goal is to assist you in enhancing your application's security by providing precise, framework-specific vulnerability detection. For detailed information or support, please reach out to your account team.

Thank you for using Snyk Code to secure your software development.


Ranko Cupovic | Principal Product Manager

DeepCode AI Fix - VS Code UX Improvements

Improved

We are very happy to introduce an improved DeepCode AI Fix experience for Visual Studio Code. Developers will have a more streamlined experience by:

  • Having visibility of how many issues are autofixable

  • Being able to generate fixes from the issue details panel

  • Having a preview of the possible fixes before they are applied

  • Getting guidance to the code that has changed

These improvements come on top of the general fix quality improvements we have been working on, which you can read about in our new blog post!

For details on how to get started with DeepCode AI Fix and start fixing Snyk Code issues, please visit our documentation.


Group Custom Roles are now GA

New

We're excited to introduce the option of creating custom roles at the Group level alongside the existing custom ones at the Organization level.

Enterprise users can now extend the pre-defined Group roles by introducing new roles with customized sets of permissions. This allows admins to fine-tune access to parts of the Snyk product and better map team members' responsibilities to their permissions inside the Snyk app.

The new custom Group roles can be manually assigned on the Members page or automatically assigned using an updated version of Custom Mapping. Reach out to your account team to implement this option.

For more details on creating Group-level custom roles, see the documentation available here.

Test an SBOM using the Snyk CLI

Early access

We are very pleased to announce that you can now use the Snyk CLI to scan CycloneDX and SPDX SBOM files!

Snyk has enabled SBOM testing via the API for a while. Adding this to the CLI makes it significantly easier to test SBOMs produced using other tools, or SBOMs received from 3rd-party vendors.

To get started, install Snyk CLI v1.1290 or above, and run the following command (using your actual SBOM file name 😉):

snyk sbom test --experimental --file=bom.cdx.json

This feature is in Open Beta. The following SBOM formats are currently supported:

  • CycloneDX: JSON version 1.4 and 1.5

  • SPDX: JSON version 2.3

See snyk help or Snyk User Docs for more usage details 🙌

Free Plans Test Enforcement - Phase 1

New

For customers on free plans, we plan to implement hard enforcements on monthly test limits. Specifically, we are starting work on the enforcement of test limits through the push flow. The work will begin on Monday, April 29th and is planned to be complete by Thursday, May 2nd.

Please be aware that this feature will only impact customers on the free plan, who do not pay for any Snyk products. Customers with one or more paid products will not be affected by this feature.

Updated Project Page Layout

Improved

For your awareness, minor updates to our Project page will be introduced over the next week. In the topmost heading, tabs related to the project overview, history, and settings are migrating higher on the page. In addition, modifications will be made to the project breadcrumbs.

Please be aware that any temporary inconsistencies between organizations will resolve themselves shortly!

Automated Collections (Early Access)

New

We’re happy to introduce Automated Collections to help you easily manage all your Snyk Projects.

With Automated Collections enabled, similar Projects from different integration types are automatically grouped into a collection, so you can easily filter and report on the issues of your preferred scanning method and hide duplicate results.

You’ll find the option to enable Automated Collections under a new entry in the Organization Settings menu. After Automated Collections are enabled, it may take minutes (up to an hour) to analyze all the Organization’s Projects and group them by their Target URL.

Please note that Collections and Automated Collections are only available for customers on the Snyk Enterprise plan. Read more about how automatically created Project collections help you track issues, and contact your account team with any questions.

Configurable Python version in Snyk Open Source SCM scans is now GA!

New

We are very pleased to announce that the option to define the Python minor version when scanning pip projects via Git integrations is now GA!

Until now, Snyk would always use either Python 2.7 or 3.7, which could lead to some dependencies being omitted from results if they require newer versions.

You can now specify minor versions of Python 3 to use in scans, up to 3.12.

To try this out, go to Settings > Languages > Python and specify the Python version to use.

For more details see the documentation available here.

Snyk AppRisk Essentials: New features and unified UI

New

We're thrilled to announce the following improvements to Snyk AppRisk Essentials, which are available today in our platform:

Snyk AppRisk is now unified into the Snyk platform user interface. This eliminates the need to switch between separate web browser tabs. All Snyk AppRisk capabilities are available on Snyk’s main navigation menu at the Group level, and these navigation changes do not introduce any breaking changes.

The Snyk AppRisk asset inventory now includes aggregate counts of Snyk issues for Snyk Open Source, Snyk Code, and Snyk Container. From a specific asset, you can navigate to the Insights UI to see more details on the issues that relate to the given asset.

Support for images as assets. Snyk AppRisk now provides visibility into image assets scanned via Snyk Container. Image assets can be tagged and managed with policies (e.g. for asset classification). Where relevant, issue counts from Snyk Container are aggregated on the image asset.

Please reach out to your account team if you have any questions on the above.


Chris Suen | Senior Director, Product Management

Snyk AppRisk - Bring Backstage Data into AppRisk

New

We're pleased to share that Snyk AppRisk will allow customers to bring Backstage data into AppRisk as their org context information. You can now see the repo assets in AppRisk with the Backstage catalog info YAML file; this will make it easy for our users to manage their repo assets.

What is this feature about? It enables customers to add a catalog info YAML file, bringing their organizational context into AppRisk, and enriches repo assets with metadata from Backstage. This allows customers to filter the asset inventory and build policies based on Backstage metadata.

This feature will be available for AppRisk Essentials and AppRisk Pro, and will be available for all SCM integrations that AppRisk supports.

Please see our Snyk documentation for more details, and contact your account team with any questions.